Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
moodle moodle 3.10.1 vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2021-27131
Moodle 3.10.1 is vulnerable to persistent/stored cross-site scripting (XSS) due to the improper input sanitization on the "Additional HTML Section" via "Header and Footer" parameter in /admin/settings.php. This vulnerability is leading an malicious user to ste...
Moodle Moodle 3.10.1
9.8
CVSSv3
CVE-2021-36393
In Moodle, an SQL injection risk was identified in the library fetching a user's recent courses.
Moodle Moodle
2 Github repositories
5.3
CVSSv3
CVE-2021-20185
It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that messaging did not impose a character limit when sending messages, which could result in client-side (browser) denial of service for users receiving very large messages.
Moodle Moodle
Moodle Moodle 3.10.0
4.3
CVSSv3
CVE-2021-20184
It was found in Moodle before version 3.10.1, 3.9.4 and 3.8.7 that a insufficient capability checks in some grade related web services meant students were able to view other students grades.
Moodle Moodle
5.4
CVSSv3
CVE-2021-20183
It was found in Moodle before version 3.10.1 that some search inputs were vulnerable to reflected XSS due to insufficient escaping of search queries.
Moodle Moodle
5.4
CVSSv3
CVE-2021-20186
It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that if the TeX notation filter was enabled, additional sanitizing of TeX content was required to prevent the risk of stored XSS.
Moodle Moodle
7.2
CVSSv3
CVE-2021-20187
It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication.
Moodle Moodle
Moodle Moodle 3.10.0
NA
CVE-2013-4940
Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle up to and including 2.1.10, 2.2.x prior to 2.2.11, 2.3.x prior to 2.3.8, 2.4.x prior to 2.4.5, 2.5.x prior to 2.5.1, and other products, allows remote malicious ...
Moodle Moodle 2.1.1
Moodle Moodle 2.1.3
Yahoo Yui 3.1.2
Yahoo Yui 3.3.0
Yahoo Yui 3.6.0
Yahoo Yui 3.7.1
Yahoo Yui 3.10.0
Yahoo Yui 3.10.2
Moodle Moodle 2.2.0
Moodle Moodle 2.2.7
Moodle Moodle 2.4.4
Moodle Moodle 2.4.2
Moodle Moodle 2.3.5
Moodle Moodle 2.3.3
Moodle Moodle 2.3.4
Moodle Moodle 2.1.10
Moodle Moodle 2.1.5
Moodle Moodle 2.1.4
Moodle Moodle 2.1.2
Moodle Moodle 2.1.6
Yahoo Yui 3.4.0
Yahoo Yui 3.4.1
NA
CVE-2013-4941
Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 up to and including 3.9.1, as used in Moodle up to and including 2.1.10, 2.2.x prior to 2.2.11, 2.3.x prior to 2.3.8, 2.4.x prior to 2.4.5, 2.5.x prior to 2.5.1, and other produ...
Moodle Moodle 2.1.8
Moodle Moodle 2.1.0
Moodle Moodle 2.1.9
Yahoo Yui 3.0.0
Yahoo Yui 3.7.3
Yahoo Yui 3.8.0
Yahoo Yui 3.8.1
Yahoo Yui 3.9.0
Moodle Moodle 2.2.6
Moodle Moodle 2.2.5
Moodle Moodle 2.5.0
Moodle Moodle 2.4.0
Moodle Moodle 2.1.10
Moodle Moodle 2.1.5
Moodle Moodle 2.1.4
Moodle Moodle 2.1.2
Yahoo Yui 3.3.0
Yahoo Yui 3.4.0
Yahoo Yui 3.4.1
Yahoo Yui 3.5.0
Yahoo Yui 3.5.1
Moodle Moodle 2.2.3
NA
CVE-2013-4942
Cross-site scripting (XSS) vulnerability in flashuploader.swf in the Uploader component in Yahoo! YUI 3.5.0 up to and including 3.9.1, as used in Moodle up to and including 2.1.10, 2.2.x prior to 2.2.11, 2.3.x prior to 2.3.8, 2.4.x prior to 2.4.5, 2.5.x prior to 2.5.1, and other ...
Moodle Moodle 2.1.4
Moodle Moodle 2.1.6
Moodle Moodle 2.1.0
Yahoo Yui 3.5.0
Yahoo Yui 3.8.0
Yahoo Yui 3.9.0
Moodle Moodle 2.2.8
Moodle Moodle 2.2.4
Moodle Moodle 2.2.6
Moodle Moodle 2.5.0
Moodle Moodle 2.3.1
Moodle Moodle 2.3.7
Moodle Moodle 2.1.10
Yahoo Yui 3.6.0
Yahoo Yui 3.7.0
Yahoo Yui 3.7.1
Yahoo Yui 3.7.2
Yahoo Yui 3.7.3
Moodle Moodle 2.2.10
Moodle Moodle 2.2.0
Moodle Moodle 2.2.9
Moodle Moodle 2.2.7
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »